RE: [sniffer] Rulebase download script

2004-10-30 Thread Colbeck, Andrew 
Title: Message



Bill, 
you the man!

I was 
just polishing my own script based on comments made by you and Bonno at the end 
of the week! My modest efforts are attached as a .txt 
file.

A few 
comments from my own efforts:

The 
wget compress optionto save me and Pete some bandwidth isn't working for 
me. I don't know if the problems lies in my Win32 wget or in Pete's 
webserver options. If it's Pete's server, then your gzip is happy to find 
no compressed file, and return you the original format.

My 
script checks the result file (your snfupd.txt) and skips the replace step if 
the download was skipped or errored out.

My 
script rotates the Sniffer log before quitting.

I'm 
including it for posterity, and to help the folks in the cheap seats. I 
haven't bothered with variables.

Andrew 
8)

p.s. 
Instead of Scheduled Tasks, I use the "AT" command from the command line so that 
the update runs as the SYSTEM account; I'd rather have multiple AT commands than 
remember to change the password on an account and all of it's Scheduled 
Tasks.

  
  -Original Message-From: Landry William 
  [mailto:[EMAIL PROTECTED] Sent: Saturday, October 30, 
  2004 4:48 PMTo: '[EMAIL PROTECTED]'Subject: 
  [sniffer] Rulebase download script
  Attached is an updated rulebase download script for 
  Windows environments that includes variable usage, better comments, gzip 
  compression via wget, new file testing before download, and the ability to 
  e-mail yourself the script results, if desired. This script has been 
  compiled from suggestions to this list and from my own script.
  You will need to rename the script file from ".txt" 
  to ".cmd" in order to use (used ".txt" in order to bypass filter rules and 
  virus scanners). You can then schedule the script to run via "Scheduled 
  Tasks"
  Enjoy! 
  Bill 
  snfupd.zip 

  


  ---This 
message and any included attachments are from Siemens Medical Solutions 
USA, Inc. and are intended only for the addressee(s). The 
information contained herein may include trade secrets or privileged or 
otherwise confidential information. Unauthorized review, forwarding, 
printing, copying, distributing, or using such information is 
strictly prohibited and may be unlawful. If you received this 
message in error, or have reason to believe you are not authorized 
to receive it, please promptly delete this message and notify the 
sender by e-mail with a copy to [EMAIL PROTECTED] 
Thank 
you
@REM This file is C:\Utils\UpdateSniffer.cmd
@REM AC July-06-2003
@REM The purpose is to truncate the MailSniffer log and fetch a fresh copy of the
@REM spam signatures rulebase.
@REM Dependencies:
@REM   wget.exe package (free) from http://wget.org
@REM   waitfor.exe utility (free) from the NT Resource Kit
@REM   fgrep.exe (free) from http://www.gnu.org
@REM
@REM Sep-07-2004 AC updated to make use of the sniffer check executable
@REM Oct-30-2004 AC updated to skip the download with wget -N if it is a duplicate of 
a previous download
@REMand also to skip the update if the download was a duplicate

@echo off
d:
cd \mailsniffer
if not exist d:\mailsniffer\temp\. md d:\mailsniffer\temp
if exist d:\mailsniffer\temp\result.txt del d:\mailsniffer\temp\result.txt
wget --tries=10 --wait=5 --random-wait --directory-prefix=d:\mailsniffer\temp -o 
d:\mailsniffer\temp\result.txt -N 
http://www.sortmonster.com/MessageSniffer/Demo/snfrv2r3.snf

REM If we didn't get the file, at least rotate the log file before quitting

if errorlevel 1 goto logrot
if not exist temp\snfrv2r3.snf goto logrot

REM Ok, we got the file, but is it fresh? Quit if it is the same as last time
fgrep Server file no newer than local file d:\mailsniffer\temp\result.txt
if not errorlevel 1 goto logrot

REM Check the file for validity, and at least rotate the log file before quitting

snf2check.exe temp\snfrv2r3.snf xnk05x5vmipeaof7
if not errorlevel 0 goto logrot

REM If we are here, the file was downloaded, was new, and checked out fine.

if exist snfrv2r3.snf.bak del snfrv2r3.snf.bak

ren snfrv2r3.snf snfrv2r3.snf.bak

:doreplace
waitfor 1
move /y temp\snfrv2r3.snf snfrv2r3.snf
if not errorlevel 0 goto doreplace

REM We send a snfrv2r3 reload here, although it checks every ten minutes anyway
snfrv2r3 reload

:logrot
snfrv2r3.exe rotate

:quit

RE: [sniffer] Rulebase download script

2004-10-30 Thread Landry William 

Sure, executing the script via the e-mail notification would work fine.
However, in that case you will not really need to test that the rulebase
file has changed, so you could remove the -N switch from the wget line.

Bill

-Original Message-
From: Sheldon Koehler [mailto:[EMAIL PROTECTED] 
Sent: Saturday, October 30, 2004 5:08 PM
To: [EMAIL PROTECTED]
Subject: Re: [sniffer] Rulebase download script


 You will need to rename the script file from .txt to .cmd in order 
 to use (used .txt in order to bypass filter rules and virus 
 scanners).  You can then schedule the script to run via Scheduled 
 Tasks

Bill,

Can it also be run from the Imail command via email notifications?

Sheldon


This E-Mail came from the Message Sniffer mailing list. For information and
(un)subscription instructions go to
http://www.sortmonster.com/MessageSniffer/Help/Help.html

---
This message and any included attachments are from Siemens Medical Solutions 
USA, Inc. and are intended only for the addressee(s).  
The information contained herein may include trade secrets or privileged or 
otherwise confidential information.  Unauthorized review, forwarding, printing, 
copying, distributing, or using such information is strictly prohibited and may 
be unlawful.  If you received this message in error, or have reason to believe 
you are not authorized to receive it, please promptly delete this message and 
notify the sender by e-mail with a copy to [EMAIL PROTECTED] 

Thank you

This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html